You can deploy the Check Point Appliance configuration files from a USB drive or SD card and quickly configure many appliances without using the First Time Configuration Wizard. The configuration file lets you configure more settings and parameters than are available in the First Time Configuration Wizard.
You can deploy configuration files in these conditions:
The Check Point Appliance starts, automatically mounts the USB drive or SD card, and searches the root directory for a configuration file.
Note - The USB drive must be formatted in FAT32.
From R77.20.85 and higher, SD cards are formatted with ext4. Older versions are formatted as FAT32. If you upgrade from a lower version to R77.20.85 or higher, the SD card will remain with FAT32 for backward compatibility.
This is a sample Check Point Appliance configuration file for USB deployment.
set time-zone GMT+01:00(Amsterdam/Berlin/Bern/Rome/Stockholm/Vienna)
set ntp server primary 10.1.1.10
set ntp server secondary
set user admin type admin password aaaa
set interface WAN ipv4-address 10.1.1.134 subnet-mask 255.255.255.192 default-gw 10.1.1.129
delete interface LAN1_Switch
set dhcp server interface LAN1 disable
set interface LAN1 ipv4-address 10.4.6.3 subnet-mask 255.255.255.0
add interface LAN1 vlan 2
set dhcp server interface LAN1:2 disable
set interface LAN1:2 ipv4-address 10.4.3.3 subnet-mask 255.255.255.0
set dhcp server interface LAN2 disable
set interface LAN2 ipv4-address 192.168.254.254 subnet-mask 255.255.255.248
set interface LAN2 state on
set admin-access interfaces WAN access allow
set hostname DEMOgw01
The Check Point Appliance Massive Deployment configuration files are composed of CLIsh commands. These are the file names that you can use:
autoconf.clish
autoconf.<MAC address>.clish
<MAC address> is the specified MAC address in this format: XX-XX-XX-XX-XX
You can create multiple configuration files for Check Point Appliance gateways. The gateways run both files or only one of them. First the autoconf.clish configuration file is loaded. If there is a configuration file with the same MAC address as the gateway, that file is loaded second.
Use the # symbol to add comments to the configuration file.
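Added example (not Check Point code): a workstation-side check that lists which files on a prepared drive a given gateway would load, in the order described above, and flags files it would miss. It assumes six-octet, dash-separated MAC addresses as in the log file name in the sample console output on this page, and case-insensitive name matching; plan_load and normalize_mac are hypothetical names.

```python
import re
from pathlib import PurePosixPath

MAC_FILE = re.compile(r"^autoconf\.((?:[0-9A-F]{2}-){5}[0-9A-F]{2})\.clish$", re.I)

def normalize_mac(mac):
    """Turn 00:1c:7f:21:07:94 or 001c.7f21.0794 into 00-1C-7F-21-07-94."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", mac).upper()
    if len(digits) != 12:
        raise ValueError(f"not a 6-octet MAC address: {mac!r}")
    return "-".join(digits[i:i + 2] for i in range(0, 12, 2))

def plan_load(usb_paths, gateway_mac):
    """Return (files loaded in order, warnings) for one gateway.

    usb_paths are paths relative to the drive root, '/' separated.
    """
    mac = normalize_mac(gateway_mac)
    generic, specific, warnings = None, None, []
    for raw in usb_paths:
        path = PurePosixPath(raw)
        name = path.name
        if not name.lower().startswith("autoconf"):
            continue                      # unrelated file
        match = MAC_FILE.match(name)
        if len(path.parts) > 1:
            warnings.append(f"{raw}: not in the root directory")
        elif name.lower() == "autoconf.clish":
            generic = name
        elif match is None:
            warnings.append(f"{raw}: not autoconf.clish or autoconf.<MAC>.clish")
        elif match.group(1).upper() == mac:
            specific = name               # files for other gateways are ignored
    # autoconf.clish is loaded first, the MAC-specific file second
    return [f for f in (generic, specific) if f], warnings

# Constructed drive listing; the MAC is the one in the page's sample log name.
USB = ["autoconf.clish", "autoconf.00-1C-7F-21-07-94.clish",
       "autoconf.00-1C-7F-21-07-95.clish", "autoconf.001C7F210794.clish",
       "configs/autoconf.clish", "readme.txt"]

if __name__ == "__main__":
    loaded, warnings = plan_load(USB, "00:1c:7f:21:07:94")
    print("load order:", loaded)
    print("\n".join(warnings))
```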
This section describes how to deploy a configuration file on a USB drive to the Check Point Appliance. You must configure and format the file correctly before you deploy it. You can insert the USB drive in the front or rear USB port. Make sure the USB drive is formatted in FAT32.
You can deploy the configuration file to the Check Point Appliance when the appliance is off or when it is powered on.
Important - Do not remove the USB drive or insert a second USB drive while the configuration script runs. This may cause a configuration error.
To deploy the configuration file from a USB drive for the initial configuration:
The USB LED comes on and is a constant orange.
Note - The USB LED is red when there is a problem running the configuration script. Turn off the Check Point Appliance and confirm that the configuration files are formatted correctly.
For more information about errors with configuration files, see Troubleshooting Configuration Files.
To edit or upgrade the existing configuration of a Check Point Appliance, deploy a configuration file. Use the set property command to set the appliance to use a configuration file on a USB drive. The USB drive can be inserted in the front or the rear USB port.
You can deploy the configuration file to the Check Point Appliance either when the appliance is off or when it is powered on.
Important - Do not remove the USB drive or insert a second USB drive while the Check Point Appliance configuration script runs. This may cause a configuration error.
To deploy the configuration file from a USB drive to a configured appliance:
set property USB_auto_configuration once
The appliance is set to use a configuration script from a USB drive.
The USB LED comes on and is a constant orange.
The USB LED is a constant green and the screen displays: System Started.
Note - The USB LED is red when there is a problem running the configuration script. Turn off the appliance and confirm that the configuration files are formatted correctly.
For more information about errors with configuration files, see Troubleshooting Configuration Files.
After the Check Point Appliance is successfully configured from a USB drive, a log is created.
autonconf.<MAC>.<timestamp>.<log>
/tmp on the appliance.
This section discusses the scenario where the configuration file fails and the Check Point Appliance is not fully configured.
If there is an error and the configuration file fails, the appliance is not fully configured and is no longer in the initial default condition. The commands in the configuration file that show before the error are applied to the appliance. You can examine the configuration log to find where the error occurred.
When the appliance is not fully configured, the First Time Configuration Wizard shows in the Web UI. However, not all of the settings from the failed configuration file show in the First Time Configuration Wizard.
Best Practice - Check Point recommends that you do not use the First Time Configuration Wizard to configure an appliance when the configuration file fails. Restore the default settings to a partially configured appliance before you use the First Time Configuration Wizard to ensure that the appliance is configured correctly.
This section contains a suggested workflow that explains what to do if there is an error with the configuration file on a USB drive. Use the set property USB_auto_configuration command when you run a configuration file script on a configured appliance.
Sample console output displaying an error
Booting Check Point RD-6281-A User Space...
INIT: Entering runlevel: 3
........sd 2:0:0:0: [sda] Assuming drive cache: write through
sd 2:0:0:0: [sda] Assuming drive cache: write through
.....................................................
System Started...
Start running autoconfiguration CLI script from USB2 ... Error.
autoconf.00-1C-7F-21-07-94.2011-07-21.1248.log was copied to USB2
autonconf.<MAC>.<timestamp>.<log>
/tmp on the appliance.
If you cannot repair the configuration file:
restore default-settings
If you understand the error and know how to repair the configuration file:
restore default-settings
This is a sample configuration log file for a configuration script that fails.
set hostname Demo1
set hostname: Setting hostname to 'Demo1'
OK
set interface WAN internet primary ipv4-address 66.66.66.11
Error: missing argument 'subnet-mask' for a new connection
Autoconfiguration CLI script failed, clish return code = 1
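Added example (not Check Point code): a parser for the log format in the sample above that separates the commands already applied to the appliance from the one that failed. It assumes each echoed command is closed by an OK or Error: line, as in that sample; the input is constructed from the sample plus one password command, whose value is masked in the report.

```python
import re

# Constructed log: the page's failing sample plus one echoed password command.
SAMPLE_LOG = """\
set user admin type admin password aaaa
OK
set hostname Demo1
set hostname: Setting hostname to 'Demo1'
OK
set interface WAN internet primary ipv4-address 66.66.66.11
Error: missing argument 'subnet-mask' for a new connection
Autoconfiguration CLI script failed, clish return code = 1
"""

TRAILER = re.compile(r"clish return code = (\d+)")
SECRET = re.compile(r"(\bpassword\s+)\S+")

def redact(command):
    """Mask the value after 'password' so the report can be shared."""
    return SECRET.sub(r"\1<redacted>", command)

def parse_autoconf_log(text):
    """Return applied commands, the failing command, its error and return code."""
    report = {"applied": [], "failed": None, "error": None, "return_code": None}
    current = None  # command whose result line has not been seen yet
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        trailer = TRAILER.search(line)
        if trailer:
            report["return_code"] = int(trailer.group(1))
        elif current is None:
            current = redact(line)        # first line of a block is the echoed command
        elif line == "OK":
            report["applied"].append(current)
            current = None
        elif line.startswith("Error:"):
            report["failed"] = current
            report["error"] = line[len("Error:"):].strip()
            current = None
        # any other line is command output and is skipped
    if current is not None and report["failed"] is None:
        report["failed"] = current        # log ended before a result line
    return report

if __name__ == "__main__":
    r = parse_autoconf_log(SAMPLE_LOG)
    print("applied before failure:", r["applied"])
    print("failed:", r["failed"], "->", r["error"], "rc =", r["return_code"])
```

The applied list is what remains on the appliance until default settings are restored.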
The set property CLI command controls how the Check Point Appliance runs configuration scripts from a USB drive. These commands do not change how the First Time Configuration Wizard in the Web UI configures the appliance.
set property USB_auto_configuration off - The appliance does not run configuration scripts from a USB drive.
set property USB_auto_configuration once - The appliance only runs the next configuration script from a USB drive.
set property USB_auto_configuration any - The appliance always runs configuration scripts from a USB drive.